March 30, 2009

Big Hard Drives = Big Failure Rates? How Safe Is Your Data?

Consider this post as a public service announcement. I've recently been shopping online for a nice big capacity external hard drive, as well as a larger capacity notebook drive. Over the years, I've seen the major hard drive manufacturers go through major problems with quality control and drive failure issues. So naturally I headed on over to Amazon and Newegg to check out the feedback on various drives. It's good to know which zone they're in at the moment before buying.

Since my last 3.5" drive was a Seagate that has performed exceptionally well in one of my desktops, I checked the Seagate drives first. However, after reading about their failure rates in both their external FreeAgent series as well as the internal drive models, I would recommend staying away from them for some time, especially in the 1 - 1.5TB range, and even their previously acclaimed Barracuda series. I also read some negative feedback on their 500GB notebook drives - that users have experienced serious performance issues with audio or video media stuttering while trying to play back from these hard drives.

I thought I'd share my online findings as a "Buyer Beware" post, based on the following numerous sources:

In my book, when the 1-star reviews (the worst rating) constitute the first or second highest category of customer feedback for each drive on multiple sites, this indicates a serious problem, which is backed up by the Slashdot articles and postings above.

You see, a number of the 3.5" Seagate drives were/are affected by a firmware issue that makes the drives inaccessible after a very short period of use. While Seagate has issued firmware updates, the feedback from users on their effectiveness is not encouraging at all. In fact, it's downright miserable out there, and I wouldn't be surprised in the least to hear of a class action in Seagate's near future. [3.31.09 - I figured I wasn't the only one, see this law firm's site.]

Supposedly the data stored on the drive is still intact, it's just rendered inaccessible. Gee, just what I want to experience with a brand new drive! Others reported the dreaded "click of death" within just days or weeks of use - a sound that usually signals drive failure is imminent. So while Seagate's firmware recommendations page states this "affects a small number" of drives, it would seem that the above Slashdot and negative user feedback pages provide more insight into the scope of the problem(s).

So until we hear of users being more successful with a firmware update, it's probably best to steer clear of those drives for a while. Even if Seagate should release an effective firmware update, the average purchaser probably won't know which dealer stock has the fix and which doesn't. To have to flash a hard drive right out of the packaging is ludicrous, and who would feel safe trusting their data in this context? Our data is worth far, far more than the drives themselves. As I said, I've had good luck with Seagate drives previously, so it's a shame to hear all the negative feedback with their latest drives. I sincerely hope they're able to turn things around for everyone's sake.

Seagate Not Alone:

That's not to say that Western Digital doesn't have its issues as well. A number of their 3.5" large capacity external "My Book" drive models have received significant negative or mixed feedback online as well, which makes me question why we're seeing such poor or mixed reliability in the 1TB and 1.5TB drive range. Technical issues? Cost-cutting? Quality control issues? Bueller? Bueller?

For a nice in-depth review of several external 1TB drives, see the following at Tom's Hardware:

Moving on to notebook drives, the bright spot seems to be the Western Digital Scorpio Blue and Black 2.5" SATA drives, which have received very good feedback on the above sites. FYI, WD's marketing folks made it very easy to understand the product line: the Scorpio "Blue" notebook drives run at 5400 rpm, while the "Black" drives run at the faster 7200 rpm speed.

The difference is that currently, WD offers a 500GB notebook drive in the Blue series, while the faster Black series maxes out at 320GB, forcing one to choose between larger storage and faster performance. However, looking at the in-depth performance testing over at Tom's Hardware, it appears that the 500GB Scorpio Blue drive provides a very nice balance of high capacity notebook storage, better performance than smaller capacity drives from even a year or two ago, and reasonable power consumption. Because the Scorpio Blue 500GB drive has received overwhelmingly good feedback at several major sites (Amazon, Newegg, Tom's Hardware), this is the one I've selected for a swap for my laptop's 200GB drive. I want a bit more room for my many projects, photos, and other media, without sacrificing battery life, and its user reviews are overwhelmingly very positive.

I'm informed from both their sales and tech support departments that while their previous Pro Drive external hard drive products were multi-sourced with drives from several different drive manufacturers, their newly manufactured Pro Drives will contain Hitachi drives only. No surprise there, given the acquisition. So far the limited online feedback I've seen on the 1TB Hitachi drive appears to be fairly good in balance, although I've never tried a Hitachi drive yet myself. But given the mixed feedback on both Seagate and Western Digital 3.5" external drives, it's enough to make me consider SimpleTech's Pro Drive line instead. It's certainly more versatile in the connection department, and it received a good recommendation in the Tom's Hardware article listed above.

Another option is to roll your own external drive, by buying the drive you prefer along with an external drive enclosure. Just make sure that the enclosure is rated for the drive. Because of power and potential chipset limitations, though, many enclosures are not rated for these big capacity drives, which is why it's nice to buy a ready-made external drive in the first place.

[Update 3.31.09: I should also note the external V2 ABSplus USB 2.0 & eSATA drives offered by CMS Products. Their bundled backup software, BounceBack Ultimate, has some interesting features, including full drive restoration including partition formatting, continuous data protection, versioning, synchronization, and support for backing up open files.

It also backs up your files in their native format on the drive. Native file format is nice for the fact that you can simply copy the backed up files from the external drive to another drive without having to first install or use the proprietary backup software on another PC. You can use the BounceBack software to restore them too; it's your choice. The trade-off with native file storage is that you lose some of the space savings that come from backing up in a compressed format, but I really like that you aren't handcuffed to the backup software to restore it.

By the way, CMS Products is based in California (est. 1983), their sales and tech support people both answered the phone quickly, and were very helpful and pleasant in answering all my questions. It was soooo nice not having to deal with outsourced tech support, so score one for a domestic tech company with great customer service.

I'm informed that while their external 1TB V2 ABSplus drives were using drives from Western Digital and Hitachi, their 1.5TB drive was indeed the exact same model number as the Seagate Barracuda drive I listed as the third one under the Newegg heading above. Thus I shared with them my concern over the Seagate drives at the present time.

Notably, their 1TB drive recently won the top "Best Buy" category in PC World's "Top Ten External Hard Drives" list. Unlike most other 1TB external drives that have a plastic enclosure, this drive comes in an aluminum case - which makes it far more durable and protected, and the metal case also serves to dissipate heat. I also like that it has a power switch on the back, something most consumer brand external drives lack these days. So I ordered a 1TB V2 ABSplus unit, and am looking forward to putting it through its paces.]

March 21, 2009

Think Before You In-source

My latest InsideCounsel article, "Think Before You In-source" is now available online. While there has certainly been a trend to bring eDiscovery in-house, lately I've been hearing from a number of corporate legal and enterprise IT professionals regarding their frustration in this area. I'm not alone, having heard the same from colleagues at LegalTech NY and elsewhere.

I have recently heard from a number of companies who have been dissatisfied that what they've brought in-house from software providers hasn't lived up to the hype, delivered the best results or integrated with all the necessary data systems to address their needs. Some of those acquisitions are even being shelved or curtailed prematurely, well before realizing their return on investment.

Thus I offer seven key factors and issues to consider before deciding to bring various e-discovery services and technology in-house. In addition, often a number of difficulties can be addressed through better process design, since technology isn't a broad spectrum panacea. It's a tool to support and automate those processes, not the other way around, and it's important to keep things in the proper perspective:

Keep in mind, this discussion isn't advocating that various aspects of e-Discovery shouldn't be brought in-house. Obviously, many companies are doing just that with the goal to reduce costs, improve consistency and gain better control over their processes to improve compliance. Thus a better statement is that the decision on whether to bring eDiscovery tasks in-house shouldn't be made lightly or because you heard another company in your industry has done so. It needs to make sense and fit well with your particular company's abilities, goals, resources, culture, business processes, risk management, and more.

Like most things worth doing, it's important to consider a number of critical factors and issues before jumping on the bandwagon and throwing technology at the problems, some of which aren't even technological issues. The more you have done your homework, including having a good handle on the particular issues, gaps, costs, risks, and processes needing to be addressed, the better off you'll likely be when the smoke clears.

In addition, it's important that companies don't just explore the obvious if they want to make meaningful improvements and cost reductions. There are a number of concurrent or alternate cost-saving measures that can offer significant benefits, which should also be explored or they may be otherwise overlooked in all the hype.

March 11, 2009

Multi-Pass Erasure Myth Debunked

"Top notch computer forensic examiners have special tools and techniques enabling them to recover overwritten data from a wiped hard drive so long as the drive was wiped less than 3 or 7 or 35 times." The myth also goes that someone using a magnetic force electron microscope would be able to discern the trace magnetic signal left behind on a drive that wasn't wiped enough times, and somehow piece together the underlying wiped data. This is a leading reason why common file and disk wiping tools have included all kinds of multi-pass wiping options, ranging from the DOD-specified wipes to the massive 35 times Gutmann wipe.

One part of the myth also says that one can recover trace magnetic data from the spaces between the tracks as the drive heads don't track exactly the same on each pass when writing data. (Think of this as the space between the grooves on a vinyl record, for those of us who fondly remember them.)

To which Craig says, "Nonsense!" and "[i]t's all a lot of hogwash, at least with respect to any drive made this century." He explains how the vastly increased "areal density" of modern hard drives leaves little room for wiped data to be resurrected, even if it's only wiped with a single pass. Areal density simply refers to how closely packed together all the data bits are, which allows manufacturers to place hundreds of GB on a single hard drive platter these days.

Like him, I've heard the myth for years and questioned the ability to use a magnetic force electron microscope to resurrect wiped data. First, it would be incredibly expensive to do (but that factor only makes it impracticable). So it was interesting to hear the result that Craig related from several professionals who performed such an experiment: it was less successful than a simple coin toss.

Thus he concludes:

"You only need one complete pass to eviscerate the data (unless your work requires slavish compliance with obsolete parts of Department of Defense Directive 5220.22-M and you make two more passes for good measure).

No tool and no technique extant today can recover overwritten data on 21st century hard drives. Nada. Zip. Zilch."

While fascinating from a technical perspective, the real take-away from Craig's article is the reminder that:

"The most egregious is the assumption that formatting a hard drive is the same as wiping its contents. In fact, formatting obliterates almost none of a drive's contents. Any eBay purchaser of a formatted drive can easily restore its contents."

If only I had a Google share for every time I advised someone about this danger and resulting risk. If you are disposing of a hard drive or giving it to someone else to use, use a proper drive wiping tool first, not a simple format command.

Another good take-away is Craig's discussion of the "G List" sectors on a hard drive, and why conventional wiping cannot touch that data. So what are those?

In essence, modern hard drives have the ability to sense when a sector is going bad (i.e., not able to store information reliably). When that is detected, the hard drive automatically copies the contents of the ailing sector to another unused sector on the hard drive, and remaps (points) to its new location on the drive. This map is kept in the G List on the drive, which stands for Growth List or Growing Defect List. This is a good thing, so you don't lose data to bad spots on the hard drive. However, when you use wiping software to wipe the drive's data, it can only wipe data in the accessible areas of the drive (which include the second copies of the bad sectors). The original "bad" sectors cannot be wiped by conventional software, as they are not accessible to it.

But as Craig points out, for the industrious there's a cure for that as well:

"Remarkably, nearly all hard drives manufactured after 2001 incorporate the ability to rapidly and securely self-erase everything, including the G List; but, drive and computer manufacturers are so petrified you'll mess that up, they don't offer an easy way to initiate a self-destruct sequence.

For those at ease with command line interfaces, the Secure Erase commands can be run using free tools developed for the NSA and available at http://tinyurl.com/serase. But be careful with these as there's no road back."

It's a good read for anyone curious (and paranoid) about securely deleting data.
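The following toy model, added here as an illustration and not taken from Craig's article or from any drive firmware, walks through the three cases discussed above: a format, a single overwrite pass, and a firmware-level Secure Erase on a drive with one remapped sector. The class, its method names and the sample secret are all hypothetical, and the behaviour of each operation follows the description in this post.

```python
# Toy model of a hard drive (added illustration, not a real ATA interface).
SECTOR = 16  # bytes per sector in this model; real drives use 512 or 4096


class ModelDrive:
    def __init__(self, sectors, spares):
        # Physical media: host-addressable area followed by a spare pool.
        self.physical = [bytes(SECTOR) for _ in range(sectors + spares)]
        self.lba_map = list(range(sectors))   # host address -> physical sector
        self.spare_pool = list(range(sectors, sectors + spares))
        self.g_list = []                      # retired physical sectors

    def write(self, lba, data):
        self.physical[self.lba_map[lba]] = data.ljust(SECTOR, b"\0")[:SECTOR]

    def remap(self, lba):
        """Firmware retires a failing sector: copy to a spare, record it."""
        old, new = self.lba_map[lba], self.spare_pool.pop(0)
        self.physical[new] = self.physical[old]
        self.lba_map[lba] = new
        self.g_list.append(old)

    def quick_format(self):
        """Rewrite only the toy 'file table' in address 0; data is untouched."""
        self.write(0, b"")

    def overwrite_pass(self, fill=b"\0"):
        """Software wipe: one pass over every address the host can reach."""
        for lba in range(len(self.lba_map)):
            self.write(lba, fill * SECTOR)

    def secure_erase(self):
        """Firmware-level erase as described above: all sectors, G List too."""
        self.physical = [bytes(SECTOR) for _ in self.physical]

    def residue(self, needle):
        """Physical sectors that still hold `needle`."""
        return [i for i, s in enumerate(self.physical) if needle in s]


def demo():
    secret = b"ACCT-4471"          # constructed sample data
    d = ModelDrive(sectors=8, spares=2)
    d.write(0, b"table:3")         # toy file table pointing at address 3
    d.write(3, secret)
    d.remap(3)                     # sector 3 "goes bad" and is remapped
    results = {}
    d.quick_format()
    results["after_format"] = d.residue(secret)
    d.overwrite_pass()
    results["after_overwrite"] = d.residue(secret)
    d.secure_erase()
    results["after_secure_erase"] = d.residue(secret)
    return results


if __name__ == "__main__":
    for step, sectors in demo().items():
        print(f"{step}: secret still present in physical sectors {sectors}")
```

In this model the format leaves both copies of the secret in place, the single overwrite pass clears the live copy but not the retired sector recorded in the G List, and only the firmware-level erase clears everything.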

March 03, 2009

Risk Assessments Recommended for Companies as SEC Prepares to Flex Its Muscles

The increase in the SEC's enforcement tone, coupled with mass layoffs, could be setting the stage for serious compliance risks at various public companies.

I just read "Companies in Dangerous Position as SEC Prepares to Flex Its Muscles", a National Law Journal interview with Michael Dockterman, a litigation partner at Chicago's Wildman, Harrold, Allen & Dixon, whose practice includes advising boards on corporate governance and compliance issues. He spoke about why boards need to boost compliance, even amid corporate budget cutbacks.

A key take-away is that as the remaining employees are increasingly overworked as the result of mass layoffs, there are fewer people with less time to focus on compliance issues. Meanwhile, the SEC appears to be gearing up via policy changes to boost the commission's enforcement powers. This doesn't bode well for companies who may be spending less time on compliance in order to deal with more pressing issues.

Thus he recommends that directors should not reduce the amount of time spent on performing and evaluating risk assessments that should be at the foundation of all compliance programs. "Companies should look at where their operations are rubbing up against legal requirements, financial or otherwise. How are we certain that the way in which we're conducting our operations is in compliance with laws, including labor laws, environmental, antitrust and securities laws -- the whole gamut?"

I'll add that in addition to the more obvious areas above, eDiscovery and litigation readiness are just as important in companies' compliance programs. In all those areas listed above, electronically stored information (ESI) is going to be present. The company's ability - or inability - to properly preserve, collect, review, and produce ESI could have far-ranging implications and impact.

I've heard from so many companies' attorneys that they know they have significant risks relating to eDiscovery and many feel that they've just been "lucky so far." Typically, preservation, collection, and spoliation issues are keeping GCs and AGCs up at night. As law department budgets are being cut by as much as 20%, their job is certainly made more difficult.

However, those with the appropriate balance of short-term and long-term vision are finding ways (and funds) to invest in the future of the company by addressing these issues before they blow up on counsel and IT. When you consider the hard dollar costs, the blow to both the company's and legal department's reputations and position in the marketplace, and resulting fallout, one "compelling event" (as we tend to call it in the trade) can cost the company far, far more than any amount of proactive investment that could have prevented or greatly mitigated it in the first place.

Some are taking better stock of where they are, identifying their gaps, and then putting in place both procedures and technology, where justified, to address them. For some, it's slow going, making only modest gains and inching along while hoping the recession doesn't stretch out too long, or the cuts become too deep. And many, I suspect, are experiencing much quiet desperation hoping (and some might even say gambling) that they don't experience that "compelling event" before they are better able to address the underlying issues.

The problem is that in the current economic climate, between terminations of executives and increased SEC investigations, companies will likely experience more of these with upper management involved as both plaintiffs and defendants. These tend to be higher dollar, higher risk, and higher visibility.

Especially with staff culling, many companies simply lack the internal expertise to have a broad enough understanding of industry best practices and the resources to define and implement them effectively - whether it's records management, information governance, or litigation readiness. My suggestion is that it's better to spend a relatively small amount on addressing them now with outside help and making steady progress (even if it's not as fast as you'd prefer, it is still progress) and positioning it internally as a significant cost avoidance program. It's also a metric that can be reported upward to the board as a sign of responsible management.

You might be surprised how much people are willing to listen about cost avoidance these days. Be prepared to discuss ROI not so much in terms of estimable dollars (as we know these types of matters are very difficult to predict dollar-wise), but in terms of number of events avoided. If you could make your money back by avoiding just a handful of these events, that's a very compelling ROI story to tell. If pressed for dollar estimates, give ranges and tiers for enhanced credibility.

So while budgets are being cut, there is still a need for proactive risk management. As internal resources dwindle, consider augmenting your efforts with outside expertise. Compared to the cost of not doing it, it's actually a very responsible thing to do in the long run.